In the “three-way handshake” used for the setup of Transmission Control Protocol (TCP) connections, a client device (or “client”) first sends a TCP Synchronize (SYN) message to the server, which indicates a request to establish a connection with the server. The server then replies to the client with a Synchronize-Acknowledgement (SYN-ACK) message, which indicates that the server is ready to receive data communication from the client over the connection. The client then replies to the server with an Acknowledge (ACK) message, which indicates that the client is ready to receive data communication from the server over the connection. Data communication may then be exchanged between the server and the client.
A TCP SYN flooding attack is a denial-of-service (DoS) method affecting hosts that run TCP server processes. These types of attacks, and various countermeasures against them, are described, for example, by Eddy in “TCP SYN Flooding Attacks and Common Mitigations,” published by the Internet Engineering Task Force (IETF) as Request for Comments (RFC) 4987 (August, 2007). A particular mechanism for guarding against simple flooding attacks is provided by TCP Cookie Transactions (TCPCT), which are described, for example, by Simpson in “TCP Cookie Transactions (TCPCT),” published by the IETF as RFC 6013 (January, 2011).
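The following added example (not part of the original text) models why unanswered SYNs exhaust a server that allocates state on SYN, and how a cookie-style server defers state until the ACK returns. It is a simplified sketch of the SYN-cookie idea surveyed in RFC 4987, not the TCPCT wire format of RFC 6013; the class names, backlog size, and addresses are constructed assumptions, and real cookies also encode a time counter and TCP options.

```python
import hashlib
import hmac
import os

BACKLOG = 4      # constructed: tiny half-open queue so exhaustion is easy to see
MOD = 2 ** 32    # TCP sequence numbers are 32-bit

class StatefulServer:
    """Allocates a half-open entry per SYN, before the peer is proven reachable."""
    def __init__(self):
        self.half_open, self.established = {}, set()

    def on_syn(self, peer, client_isn):
        if len(self.half_open) >= BACKLOG:
            return None                       # queue full: SYN is dropped
        self.half_open[peer] = int.from_bytes(os.urandom(4), "big")
        return self.half_open[peer]           # server ISN sent in the SYN-ACK

    def on_ack(self, peer, client_isn, ack):
        isn = self.half_open.get(peer)
        if isn is None or ack != (isn + 1) % MOD:
            return False
        del self.half_open[peer]
        self.established.add(peer)
        return True

class CookieServer:
    """Stores nothing on SYN; the SYN-ACK sequence number is a keyed MAC."""
    def __init__(self):
        self.key, self.established = os.urandom(32), set()

    def on_syn(self, peer, client_isn):
        msg = f"{peer[0]}|{peer[1]}|{client_isn}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_ack(self, peer, client_isn, ack):
        # The ACK's own sequence number reveals client_isn, so the cookie can be recomputed.
        if ack != (self.on_syn(peer, client_isn) + 1) % MOD:
            return False
        self.established.add(peer)            # state is created only now
        return True

def legit_client_connects(server, unanswered_syns=10):
    # Constructed traffic: SYNs whose senders never complete the handshake.
    for i in range(unanswered_syns):
        server.on_syn((f"192.0.2.{i}", 40000 + i), 1000 + i)
    peer, client_isn = ("198.51.100.7", 51515), 424242
    server_isn = server.on_syn(peer, client_isn)
    return server_isn is not None and server.on_ack(peer, client_isn, (server_isn + 1) % MOD)
```

With ten unanswered SYNs the stateful model refuses the legitimate client, while the cookie model accepts it and rejects an ACK that does not echo the expected cookie.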
Remote Direct Memory Access (RDMA), which includes several varieties such as InfiniBand RDMA and RDMA over Converged Ethernet (RoCE), is a connection protocol providing direct memory access from the memory of one computer into that of another computer. An RDMA connection may be established by a handshake similar to the above-described three-way handshake for TCP, whereby a Request (REQ) message, a Reply (REP) message, and a Ready-to-use (RTU) message function similarly to, respectively, the SYN, SYN-ACK, and ACK messages.